﻿<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="search-keywords" content="certificate, generator" />
<meta name="rh-authors" content="Nathan Pocock" />
<meta name="build tags" content="Member" />
<meta name="generator" content="Adobe RoboHelp 9" />
<title>Certificate Generator</title>
<link rel="StyleSheet" href="default.css" type="text/css" />
</head>

<body>
<h1>Certificate Generator</h1>
<p><?rh-udv_start name="TechnologyName" ?>Unified Architecture<?rh-udv_end ?> 
 certificates can be generated from the command-line using the UA Certificate 
 Generator. The <a href="UA_Configuration_Tool.htm">UA Configuration Tool</a> 
 uses this tool internally. Source code is provided with the sample application 
 source-code.</p>
<p>Run the following command from the command-prompt to obtain important 
 help information:</p>
<p class="Code">Opc.Ua.CertificateGenerator.exe -?</p>
<p>&#160;</p>
<p>... the following information will be displayed: </p>
<p class="Code">-command or -cmd &lt;issue | revoke | unrevoke | install&gt; 
 The action to perform (default = issue).</p>
<p class="Code">-storePath or -sp &lt;filepath&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;The 
 directory of the certificate store (mandatory, must be writeable).</p>
<p class="Code">-applicationName or -an &lt;name&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;The 
 name of the application (mandatory).</p>
<p class="Code">-applicationUri or -au &lt;uri&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;The 
 URI for the appplication (optional).</p>
<p class="Code">-subjectName or -sn &lt;DN&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;The 
 distinguished subject name, fields seperated by a / (i.e. CN=Hello/O=World).</p>
<p class="Code">-organization or -o &lt;name&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;The 
 organization (optional).</p>
<p class="Code">-domainNames or -dn &lt;name&gt;,&lt;name&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;A 
 list of domain names seperated by commas (optional)</p>
<p class="Code">-password or -pw &lt;password&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;The 
 password for the new private key file (optional).</p>
<p class="Code">-issuerKeyFilePath or -ikf &lt;filepath&gt; &#160;&#160;&#160;&#160;&#160;&#160;The 
 path to the issuer private key file (optional).</p>
<p class="Code">-issuerKeyPassword or -ikp &lt;password&gt; &#160;&#160;&#160;&#160;&#160;&#160;The 
 password for the issuer private key file (optional).</p>
<p class="Code">-keySize or -ks &#160;&lt;bits&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;The 
 size of key as a multiple of 1024 (default = 1024).</p>
<p class="Code">-lifetimeInMonths or -lm &lt;months&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;The 
 lifetime in months (default = 60).</p>
<p class="Code">-publicKeyFilePath or -pbf &lt;filepath&gt; &#160;&#160;&#160;&#160;&#160;&#160;The 
 path to the certificate to renew or revoke (a DER file).</p>
<p class="Code">-privateKeyFilePath or -pvf &lt;filepath&gt; &#160;&#160;&#160;&#160;&#160;The 
 path to an existing private key to reuse or convert.</p>
<p class="Code">-privateKeyPassword or -pvp &lt;password&gt; &#160;&#160;&#160;&#160;&#160;The 
 password for the private key.</p>
<p class="Code">-reuseKey or -rk &lt;true | false&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;Whether 
 to reuse an existing public key (default = false).</p>
<p class="Code">-ca &lt;true | false&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;Whether 
 to create a CA certificate (default = false).</p>
<p class="Code">-pem &lt;true | false&gt; &#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;Whether 
 to output in the PEM format (default = PFX).</p>
<p class="Code">&#160;&#160;</p>
<h2>Examples</h2>
<p class="Code"><span style="font-family: Verdana, sans-serif;">Create 
 a self-signed Application Certificate:</span><span style="font-family: 'Courier New', monospace;"> 
 </span>-cmd issue -sp . -sn MyApp</p>
<p class="Code"><span style="font-family: Verdana, sans-serif;">Create 
 a CA Certificate:</span> -cmd issue -sp . -an MyCA -ca true</p>
<p class="Code"><span style="font-family: Verdana, sans-serif;">Issue an 
 Application Certificate:</span> -cmd issue -sp . -an MyApp -ikf CaKeyFile 
 -ikp CaPassword</p>
<p class="Code"><span style="font-family: Verdana, sans-serif;">Renew a 
 Certificate:</span> -cmd issue -sp . -pbf MyCertFile -ikf CaKeyFile -ikp 
 CaPassword</p>
<p class="Code"><span style="font-family: Verdana, sans-serif;">Revoke 
 a Certificate:</span> -cmd revoke -sp . -pbf MyCertFile -ikf CaKeyFile 
 -ikp CaPassword</p>
<p class="Code"><span style="font-family: Verdana, sans-serif;">Unrevoke 
 a Certificate:</span> -cmd unrevoke -sp . -pbf MyCertFile -ikf CaKeyFile 
 -ikp CaPassword</p>
<p class="Code"><span style="font-family: Verdana, sans-serif;">Convert 
 key format:</span> -cmd convert true -pw newpassword -pvf MyKeyFile -pvp 
 oldpassword -pem true</p>
<p style="color: #ff0000;">&#160;</p>
</body>
</html>
